mommy Access Broker
mommy Access Broker is enabling access-as-a-service operations through detailed intrusion guides and compromised credentials, and Intel 471 has released reporting and Hunt Packages to support threat hunting and detection.
NATO summit commences in tandem with tense cyber, kinetic conflict
NATO's annual summit comes as member countries face a rapidly changing global security dynamic, with cyber playing a significant role.
DragonForce Ransomware
DragonForce is a Ransomware-as-a-Service group targeting global industries with customizable payloads, enabling widespread attacks and persistent extortion through an affiliate-driven model.
CVE-2025-31324 - SAP NetWeaver Vulnerability
CVE-2025-31324 is a critical flaw in SAP NetWeaver’s Visual Composer that allows unauthenticated attackers to upload malicious files and gain full system control. Threat actors are already exploiting it in the wild using JSP ...
VanHelsing Ransomware
Launched in March 2025, the cross-platform VanHelsing ransomware-as-a-service quickly attracted affiliates with its profit-sharing model and intuitive control panel, infecting multiple victims within weeks and showing signs o...

Update: Medusa Ransomware
Medusa ransomware, active since 2021, continues to target critical infrastructure through unpatched applications and brokered access. Affiliates use living-off-the-land techniques and double-extortion tactics, prompting a new...

Update: LockBit Ransomware
LockBit 4.0 continues to evolve with enhanced evasion techniques, making it a persistent threat to organizations, and Intel 471 has updated its collection with relevant Hunt Packages to support detection efforts.

Update: Black Basta Ransomware and Threat Group
A significant leak of internal chat logs from within Black Basta ransomware group has provided the community with a glimpse into their operations, including further information regarding their capabilities, tools and motivati...

BadPilot Campaign
The subgroup conducting BadPilot has been observed to be exploiting known vulnerabilities, such as CVE-2024-1709 (ConnectWise ScreenConnect) and CVE-2023-48788 (Fortinet FortiClient EMS), as well as abusing remote access tool...

Android trojan TgToxic updates its capabilities
Intel 471 mobile malware researchers recently discovered a campaign leveraging an updated version of TgToxic, an Android banking trojan. Here's an in-depth look at this malware.